[dns-operations] DNS-based site blocking in the UK
jim at rfc1035.com
Tue Aug 9 15:39:23 UTC 2011
On 9 Aug 2011, at 15:48, Wes Hardaker wrote:
> In a world where the government will always have a say in the last
> it's probably not possible to stop them from affecting the last hop.
> The best that can be done is to make disturbing the last hop
> allow the clients to resolve things themselves, but that won't prevent
> future legislation from requiring all ISPs to block outgoing traffic
> port 53 so that all ISPs can serve properly-poisoned (TM) records.
Wes, I fear you've over-reacted. Yes, governments could pass laws to
affect port 53 traffic. I doubt they are that stupid. [Though seeing
the sorts of silliness coming out of legislators all over the world,
there are valid grounds to debate that.] There will (or should be) a
recognition that any legislation shouldn't mention specific
countermeasures because the bad guys will just route around them
faster than the law could be updated.
My understanding of the UK situation is that parliament wants to
curtail copyright violation. How that gets done is implementation
detail for the experts to sort out. A solution which was disruptive
and destabilising to the DNS is unlikely to get serious attention,
especially when there are other, less intrusive ways of blocking
illegal downloads: address-based blacklisting, traffic shaping, etc.
The Ofcom report pretty much says this, though the language is more
subtle than what I've just typed.
> It's a slippery slope to painful places.
Welcome to The Real World (tm). :-)
More information about the dns-operations